Bugtraq mailing list archives

Re: Possible DoS in rsh


From: kragen () POBOX COM (Kragen)
Date: Thu, 15 Oct 1998 12:08:38 -0400


On Tue, 6 Oct 1998, Shivan Dragon wrote:
[.rhosts -> /dev/null DOSes rsh, imapd]
I'm pretty sure if I did the server's load could have been through the roof.

Something similar to this was posted for Apache a few months ago.

It has been proposed that the appropriate way to handle this is for
imapd, fingerd, rshd, Apache, etc. to check to see if the config file
is a real file or is something else, and then to refuse to do anything
with it if it's not.

I think that this is rather the wrong way to approach it.  If I have a
50G RAID array, I can create a sparse file of 50G for my .rhosts, which
will probably take enough time for imapd to read to make an effective
DOS.  And having such files attached to named pipes, etc., can really
be quite useful.

A more effective and less restrictive solution would be to put
arbitrary, possibly configurable, limits on the amount of the
configuration file that is paid attention to.  Perhaps 100K would be
reasonable for .rhosts.

Kragen

--
<kragen () pobox com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
A well designed system must take people into account.  . . .  It's hard to
build a system that provides strong authentication on top of systems that
can be penetrated by knowing someone's mother's maiden name.  -- Schneier


